Bank fraud blame game goes on
Thanks to technology, we no longer have to stand in a bank queue to move our money around - we can do it propped up in bed on our smartphone.
But how terrifying that crooks - lots of them - are using that technology to move our money out of our accounts and into theirs.
I used to console myself with the knowledge that, given my line of work, I'm wise to all the fraudsters' tricks - phishing, smishing, cloning, skimming and more.
I can see a fake corporate e-mail in seconds - the "Dear Client", and dodgy sentence construction are give-aways - and I'm always on high alert at an ATM. But now I fear that there's pretty much nothing I can do to stop someone reaching into my bank accounts and helping himself.
Too many people have come forward to say that they've had thousands, even hundreds of thousands, wiped off their accounts, despite not having compromised their internet banking passwords.
In one case I investigated, a forensic investigation commissioned by the bank - Absa - could find no evidence that the victim had responded to a phishing e-mail and refused to reveal how the fraud had been committed (see sidebar).
The banks continue to insist that victims must have compromised their details somehow and deny responsibility - while refusing to provide proof of the victim's culpability. If they do refund the victim, it's usually half of the loss as a "goodwill gesture", on condition the victim sign a confidentiality agreement.
On the other hand, the cellphone companies say: "Yes, the fraudsters stole your money with the help of a fraudulent SIM swap - so that fraudsters and not the account holder would receive that one-time-password - but the fraud would not have been possible without the account details and PIN being compromised in the first place."
And they have legal precedent on their side in the form of the case of Nashua Mobile (Pty) Ltd v GC Pale CC t/a Invasive Plant Solutions, in which the court held that a SIM swap does not in itself enable the fraud on a customer's bank account.
A few weeks ago Personal Finance reported that George businesswoman Monica Kruger, who was defrauded of R1.8-million, has launched a court application to compel Absa and Vodacom to give her the information she needs to establish who is liable for her loss.
Since, three more people have co me forward to say they were also victims of online banking and SIM-swap frauds, all of them customers of Standard Bank and Vodacom .
In Your Corner recently received complaints from two others who share that combination.
Brigette Brun, of Durban North
On October 3, fraudsters signed into her business account and created 20 new beneficiaries; then, having done a SIM swap of her Vodacom cellphone number, they made 19 payments totalling almost R185000. The bank managed to recover R35,000, leaving her with a R150,000 loss.
Standard Bank told her that its investigation had "eliminated any internal collusion or negligence resulting in your plight".
To add insult to injury, those fraudulently created beneficiary accounts were all with Standard Bank, but when Brun asked the bank for information to help with the criminal investigation she has instigated, the bank refused, saying it was "confidential third-party information". It has since given it to the police after being subpoenaed.
Sue Steyn, of Johannesburg
On a Sunday in August, a SIM swap of her Vodacom business account cellphone number was done by a fraudster who then logged onto her bank account and made payments totalling R40,000.
Responding, Standard Bank said each fraud case was considered on its merits and victims were encouraged to use the Banking Services Ombud as an independent arbitrator should they not agree with the outcome of the investigation.
"PIN-based authentication is secure," the bank said. "Customers need to ensure that they do not divulge this wittingly or unwittingly to third parties."
The bank failed to say how many such frauds were reported by its customers every month.
A Vodacom spokesman said that only 0.004% of its SIM swap requests were "potentially involved in fraudulent banking activities", there having been a "marked" decline in the past year.
The network was "not seeing" a trend in fraud affecting its customer who are Vodacom subscribers.
The spokesman repeated the line about the fraud not succeeding without the account security being compromised.
"The best way to prevent a banking fraud scam is to be alert to phishing sites that often request this type of information.
"Looking ahead, Vodacom is developing an innovative suite of solutions using biometrics to assist banks to authenticate their customers to prevent fraud."
Until the banks are forced to be more forthcoming about how these frauds are being committed, our best protection is to monitor our bank accounts and have our bank's fraud hotline in our cellphone contact list for quick reporting.